Fault attacks can be used, e.g., to compromise the security and integrity of data handling systems, such as computer products. In particular, fault attacks are an area of concern for smart cards. A fault attack introduces a fault into the system during its operation, thereby causing the system to deviate from its programmed operation. In the past, fault attacks were commonly glitch attacks, such as those induced on a power line or a reset line. More recently, light attacks have been found to be a relatively easy way of introducing a fault and disturbing the program flow of a microcontroller. A light attack is executed by flashing light on a surface of, e.g., an integrated circuit (IC), typically while the IC is operating.
Fault attacks are typically targeted at commands, such as conditional jumps or the test instructions preceding them. For example, fault attacks can be used to circumvent a verification of a personal identification number (PIN) in a smart card. If a user enters an incorrect PIN number, he/she can execute a fault attack at the moment the program is about to jump away to a routine for handling wrong PIN numbers. As a result of the fault attack, the jump to the routine for handling wrong PIN numbers is not executed and the program continues as if the PIN number was correct. In this case the user gains, through the fault attack, the privileges associated with a correct PIN number, even though he/she only has possession of a wrong PIN number.
Other classes of security attacks that use fault attacks are those on cryptographic algorithms, such as those used in, e.g., cryptographic protocols. For example, using the fault attack, an attacker can cause the algorithm to produce a wrong value. By analyzing the type of errors that occur in this manner, the attacker is, in some circumstances, able to deduce, e.g., a secret key. See, e.g., Boneh et al., “On the Importance of Checking Cryptographic Protocols for Faults”, 1997, Lecture Notes in Computer Science, volume 1233, pages 37-51. The latter attack is also known as the Bellcore attack.
Light attacks affect a read access to a memory, both volatile memory, such as RAM, and non-volatile memory, such as a Read Only Memory (ROM), an EEPROM or Flash memory. Usually, it is not the memory cell's content which is changed by the light attack, but only the value that is read back which is momentarily changed.
One major security vulnerability on, for instance, smart cards, is the bus that takes care of the communication of a processor with off-chip peripherals and resources, such as code- and data-memory. It is possible to carry out a physical attack in which the values of the bus lines are tampered with. To illustrate the power of such an attack, consider the scenario wherein the value of the program counter (PC), which is put on the bus to the memory in order to retrieve the next instruction of a program that is executed, is changed. By only changing a single bit, the attacker can prohibit the execution of a possibly critical instruction, which instruction may be part of, or safeguarding, a security measure taken in the program.
Computer programs are usually structured as a set of basic blocks of instructions. A block of code that has precisely one entry point and one exit point, and which contains, between the entry point and the exit point no jump instructions, and no instructions which are the destination of a jump instruction, is a basic block. A jump instruction is a point in a computer program where the control flow can be altered using an address.
More formally, and somewhat more generally, a sequence of instructions forms a basic block if any instruction in any particular position in the sequence necessarily executes before any other instruction in the sequence, which other instruction is in a position after the particular position, and if moreover, no other instruction executes between two successive instructions in the sequence. Computer programs can be represented as a directed graph wherein the set of basic blocks form the nodes and jumps represent directed edges that connect basic blocks. This representation of a program is called a control-flow graph.
Note that a jump can be an unconditional jump or a conditional jump. For example, on the instruction set of an 8051 processor, the ‘LJMP’ instruction represents the ‘Long Jump’ instruction, which is a jump to an address that is unconditional. For example, also for the 8051 processor, the ‘CJNE’ instruction represents the ‘Compare and Jump If Not Equal’ instruction, which compares two operands and only jumps if the operands are not equal.
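The basic-block and control-flow-graph definitions above can be made concrete with a short added example, which is not part of the original text. It partitions a constructed 8051-style listing into basic blocks and derives the directed edges between them. The listing, the function names and the use of absolute jump targets are assumptions made for illustration.

```python
# Added example. PROGRAM is a constructed listing, not real firmware: each entry
# is (address, mnemonic, jump target). Targets are simplified to absolute addresses.
PROGRAM = [
    (0, "MOV", None),   # load the value to compare
    (1, "CJNE", 4),     # conditional jump: go to 4 if operands are not equal
    (2, "MOV", None),   # "correct PIN" path
    (3, "LJMP", 5),     # unconditional jump over the wrong-PIN routine
    (4, "MOV", None),   # routine for handling wrong PINs
    (5, "RET", None),   # common exit
]
UNCONDITIONAL, CONDITIONAL, RETURNS = {"LJMP"}, {"CJNE"}, {"RET"}
ENDS_BLOCK = UNCONDITIONAL | CONDITIONAL | RETURNS

def find_leaders(program):
    """A leader starts a block: program entry, jump target, or instruction after a jump."""
    leaders = {program[0][0]}
    for i, (_, op, target) in enumerate(program):
        if op in ENDS_BLOCK:
            if target is not None:
                leaders.add(target)
            if i + 1 < len(program):
                leaders.add(program[i + 1][0])
    return sorted(leaders)

def basic_blocks(program):
    """Map each leader address to the addresses of the instructions in its block."""
    leaders, blocks, current = set(find_leaders(program)), {}, None
    for addr, _, _ in program:
        if addr in leaders:
            current = addr
            blocks[current] = []
        blocks[current].append(addr)
    return blocks

def control_flow_graph(program):
    """Map each block to its successor blocks (the directed edges of the CFG)."""
    ops = {addr: (op, target) for addr, op, target in program}
    blocks = basic_blocks(program)
    starts, edges = sorted(blocks), {}
    for i, start in enumerate(starts):
        op, target = ops[blocks[start][-1]]
        succ = {target} if op in UNCONDITIONAL | CONDITIONAL else set()
        if op not in UNCONDITIONAL | RETURNS and i + 1 < len(starts):
            succ.add(starts[i + 1])  # fall through into the next block
        edges[start] = sorted(succ)
    return edges

def decision_blocks(program):
    """Blocks with two outgoing edges, i.e. those ending in a conditional jump."""
    return [b for b, succ in control_flow_graph(program).items() if len(succ) == 2]
```

In this listing the only block with two outgoing edges is the one ending in ‘CJNE’, which corresponds to the kind of conditional jump the PIN example above describes.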